Game Warden® is a platform-as-a-service (PaaS) tool that allows organizations to develop and deploy software applications in a fully managed and secure environment optimized for DevSecOps practices. It integrates security and operations to increase efficiency and agility, and facilitate innovation.
Game Warden’s DevSecOps capabilities allow organizations to quickly and efficiently accredit applications for Department of Defense (DoD) use, without sacrificing the speed and control that make DevSecOps practices so effective.
What is DevSecOps?
According to AWS, DevOps is a “combination of cultural philosophies, practices, and tools” that augment organizations’ capacities to develop, deliver, and improve software products. These practices and tools are geared toward synthesizing operations, development tasks, responsibilities, and teams. DevSecOps is a security optimized continuous integration and continuous development (CI/CD) methodology that builds on DevOps.
The strength of the DevSecOps methodology relies on a few key factors: communication and collaboration across development, operations, and security teams; shifting security to the beginning of the development cycle; and process auditability made possible by continuous monitoring, and automation. These practices make the development process faster and more secure.
Although the phases of the cycle may vary from model to model, they generally include planning, coding, building, testing, releasing, deploying, operating, and monitoring with security measures implemented throughout each phase. Each completion of the cycle informs the team on the objectives for the next cycle.
When a company decides to seek a traditional Authority to Operate (ATO) in the Department of Defense, they must be willing to disrupt their DevSecOps cycle to execute the security and compliance requirements. In this case, the company is able to plan, code, build, and test within their own infrastructure, but then must wait for the DoD to complete the ATO before continuing to release and deploy (which sometimes includes a repeat of the build and test phases). Once deployed, the operation and monitoring of the application is often isolated from the commercial company, limiting the ability of the company to visualize performance, security, or customer usage. By breaking the DevSecOps Cycle, the traditional ATO process can be costly and time-consuming for commercial companies, forcing development teams to either delay new features until the multi-months process is completed, or to build new features in the dark before receiving customer feedback.
Game Warden Helps Teams Leverage DevSecOps
Game Warden is the platform that facilitates the optimal use of DevSecOps practices for software teams seeking to deliver software to the government on a government network, taking the friction and delays out of the process so as to not break the cycle. The process is fast, repeatable, and scalable on multiple infrastructures and networks, with all phases of the process reinforced with continuous security and monitoring.
- Plan and Code — With Game Warden, the plan and code phases stay within the control of the commercial company, with no need to expose source code or conduct software development inside a government infrastructure.
- Build — Teams provide Game Warden their Cloud Native Computing Foundation (CNCF) compliant container, and it is committed to Game Warden’s container repository. Game Warden scans finished containers for common vulnerabilities and exposures (CVE), common weakness enumerations (CWE), and other key vulnerabilities in the build process, libraries and base images. This process includes container hardening to reduce the attack surface.
- Test, Release, and Deploy — Game Warden manages functional testing, container security scans, container hardening, and test deployments. It dynamically spins up your containers in a sandbox environment and assesses running behavior security attributes. Game Warden then generates clear performance reports and specific remediation actions prior to submitting the app for ATO review. The application is deployed as a container into hosted and secured Kubernetes environments accessible to DoD customers.
- Operate and Monitor — Game Warden fully manages the environments, providing continuous monitoring and reporting which ensures transparency and maximum up-time for businesses with commercial service level agreements.
Game Warden is an innovative alternative to traditional options for fielding software on government information systems and enables teams to use now-industry standard DevSecOps practices to develop, maintain, and improve their software while in production in government environments. It allows teams to focus on the product by desegregating development, security, and IT operations teams. The result is lower costs, increased production efficiency and product quality, faster releases, and continuous innovation.